Parece que esta é uma simples questão de sudo.
sudo openvpn client.ovpn
funcionou como um tratamento.
Estou tentando configurar um servidor de acesso OpenVPN na AWS usando a AMI do mercado, mas estou lutando para me conectar a ele.
O servidor de acesso está funcionando. Eu também adicionei um usuário com login automático e gerou as configurações e os certificados relevantes do cliente.
Eu então copiei os arquivos para a minha máquina e tentei conectar usando openvpn client.ovpn
, mas recebi a seguinte saída e erro,
Wed Nov 26 12:41:10 2014 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Wed Nov 26 12:41:10 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Wed Nov 26 12:41:10 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 26 12:41:10 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 26 12:41:10 2014 Socket Buffers: R=[212992->200000] S=[212992->200000]
Wed Nov 26 12:41:10 2014 UDPv4 link local: [undef]
Wed Nov 26 12:41:10 2014 UDPv4 link remote: [AF_INET]<REMOVED_IP>:1194
Wed Nov 26 12:41:10 2014 TLS: Initial packet from [AF_INET]<REMOVED_IP>:1194, sid=2a06a918 c4ecc6df
Wed Nov 26 12:41:11 2014 VERIFY OK: depth=1, CN=OpenVPN CA
Wed Nov 26 12:41:11 2014 VERIFY OK: nsCertType=SERVER
Wed Nov 26 12:41:11 2014 VERIFY OK: depth=0, CN=OpenVPN Server
Wed Nov 26 12:41:11 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 26 12:41:11 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 26 12:41:11 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Nov 26 12:41:11 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Nov 26 12:41:11 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Wed Nov 26 12:41:11 2014 [OpenVPN Server] Peer Connection Initiated with [AF_INET]54.173.232.46:1194
Wed Nov 26 12:41:14 2014 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Wed Nov 26 12:41:14 2014 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,comp-lzo yes,redirect-private def1,redirect-private bypass-dhcp,redirect-private autolocal,redirect-private bypass-dns,route-gateway 172.16.224.129,route 172.16.1.0 255.255.255.0,route 172.16.224.0 255.255.255.0,block-ipv6,ifconfig 172.16.224.131 255.255.255.128'
Wed Nov 26 12:41:14 2014 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.3.2)
Wed Nov 26 12:41:14 2014 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.3.2)
Wed Nov 26 12:41:14 2014 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.3.2)
Wed Nov 26 12:41:14 2014 Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:18: block-ipv6 (2.3.2)
Wed Nov 26 12:41:14 2014 OPTIONS IMPORT: timers and/or timeouts modified
Wed Nov 26 12:41:14 2014 OPTIONS IMPORT: explicit notify parm(s) modified
Wed Nov 26 12:41:14 2014 OPTIONS IMPORT: LZO parms modified
Wed Nov 26 12:41:14 2014 OPTIONS IMPORT: --ifconfig/up options modified
Wed Nov 26 12:41:14 2014 OPTIONS IMPORT: route options modified
Wed Nov 26 12:41:14 2014 OPTIONS IMPORT: route-related options modified
Wed Nov 26 12:41:14 2014 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=wlan0 HWADDR=c4:85:08:c9:14:f4
Wed Nov 26 12:41:14 2014 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
Wed Nov 26 12:41:14 2014 Exiting due to fatal error
Alguma ideia do problema? Eu suponho que está falhando em criar o túnel devido à linha ERROR?
Estou executando a versão do servidor 2.0.10 e a versão do cliente
OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb 4 2014
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <[email protected]>
Compile time defines: enable_crypto=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_eurephia=yes enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=yes enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_maintainer_mode=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=yes with_crypto_library=openssl with_gnu_ld=yes with_ifconfig_path=/sbin/ifconfig with_iproute_path=/sbin/ip with_mem_check=no with_plugindir='${prefix}/lib/openvpn' with_route_path=/sbin/route with_sysroot=no
Obrigado
Usando o Linux Mint e conectando através da interface do usuário do Network Manager (que não solicita um sudo pwd) - presumi que não era necessário. Acontece que esse era o problema para mim! Conectar via sudo
de um terminal funcionou perfeitamente.